AMENDMENTS TO THE CLAIMS 

1. (Currently amended) A computer-implemented method for authorizing a client 
computer to access a second server-based application based upon previously provided 
authorization to access a first server-based application that provides a different service than said 
second server-based application, comprising: 

(a) receiving a request to access the service provided by said second server- 
based application wherein the service provided by said second server-based application is 
different than the service provided by said first server-based application; 

(b) in response to said request: 

(i) determining a session length indicating a length of time said client 
computer has been authorized to access the service provided by said first server-based 
application; 

(ii) calculating a hash value for an authorization ticket received from 
said first server-based application, said session length, and a secret shared between said client 
computer and said second server-based application, and 

(iii) transmitting a request for authorization to access the service 
provided by said second server-based application comprising said hash value, said authorization 
ticket, and said session length. 

2. (Original) The method of Claim 1, wherein said authorization ticket comprises a 
time stamp, and wherein determining a session length comprises subtracting said time stamp 
from an elapsed time counter to determine said session length. 

3. (Previously presented) The method of Claim 2, wherein said elapsed time counter 
is started when said authorization ticket is received from said first server-based application. 
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4. (Previously presented) The method of Claim 3, wherein said authorization ticket 
is received from said first server-based application when said client computer is authorized to 
access the service provided by said first server-based application. 

5. (Previously presented) The method of Claim 1, wherein calculating a hash value 
comprises performing an MD5 hash of an authorization ticket received from said first server- 
based application, said session length, and a secret shared between said client computer and said 
second server-based application. 

6. (Previously presented) The method of Claim 1, further comprising: 

starting a persistence timer when said first server-based application ceases providing a 
service to said client computer; 

determining whether said persistence timer has reached a predefined value prior to 
receiving a response from said second server-based application; and 

in response to determining that said persistence timer has reached a predefined value 
prior to receiving a response from said second server-based application, deleting said 
authorization ticket, said session length and said hash value from said client computer. 

7. (Previously presented) The method of Claim 6, further comprising: 

in response to determining that said persistence timer has not reached a predefined value 
prior to receiving a response from said second server-based application, receiving said response 
from said second server-based application and displaying said response at said client computer. 

8. (Previously presented) The method of Claim 1, wherein said first server-based 
application is an instant messaging application that provides a different service than said second 
server-based application which is a Web application. 

9. (Original) A computer-controlled apparatus operative to perform the method of 
Claim 1. 
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10. (Previously presented) A computer-controlled apparatus operative to perform the 
method of Claim 2. 

1 1 . (Original) A computer-readable medium containing computer-readable 
instructions which, when executed by a computer, perform the method of Claim 1. 

12. (Original) A computer-readable medium containing computer-readable 
instructions which, when executed by a computer, perform the method of Claim 2. 

13. (Currently amended) A computer-implemented method for authorizing a client 
computer to access a second server-based application based upon previously provided 
authorization to access a first server-based application that provides a different service than said 
second server-based application, comprising: 

(a) receiving a request for authorization to access the service provided by said 
second server-based application from said client computer comprising a hash value, an 
authorization ticket, and a session length wherein the service provided by said second server- 
based application is different than the service provided by said first server-based application; 

(b) computing a new hash value for said authorization ticket, said session 
length, and a copy of a secret shared between said client computer and said second server-based 
application; 

(c) determining whether said hash value received from said client computer is 
identical to said new hash value; and 

(d) in response to determining that said hash value received from said client 
computer is identical to said new hash value, authorizing said client computer to access the 
service provided by said second server-based application. 

14. (Previously presented) The method of Claim 13, further comprising: 
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(e) in response to determining that said hash value received from said client 
computer is identical to said new hash value; 

(i) determining whether a sum of said session length and a time stamp 
received as part of said authorization ticket is within a preset threshold value of a current time; 
and 

(ii) in response to determining that the sum of said session length and 
said time stamp is within said preset threshold value, authorizing said client computer to access 
the service provided by said second server-based application. 

15. (Previously presented) The method of Claim 14, further comprising: 

(f) in response to determining that said hash value received from said client 
computer is not identical to said new hash value, not authorizing said client computer to access 
the service provided by said second server-based application. 

16. (Previously presented) The method of Claim 15, further comprising: 

(g) in response to determining that the sum of said session length and said 
time stamp is not within said preset threshold value, not authorizing said client computer to 
access the service provided by said second server-based application. 

17. (Original) A computer-controlled apparatus operative to perform the method of 
Claim 13. 

18. (Original) A computer-controlled apparatus operative to perform the method of 
Claim 14. 

19. (Original) A computer-readable medium containing computer-readable 
instructions which, when executed by a computer, perform the method of Claim 13. 

20. (Original) A computer-readable medium containing computer-readable 
instructions which, when executed by a computer, perform the method of Claim 14. 
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21. (Previously presented) The method of Claim 13, wherein said first server-based 
application is an instant messaging application that provides a different service than said second 
server-based application which is a Web server application. 
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